General
Target: 3c9223d92c40760077983ab7eeb7509d92ec5400ef0c26151021dda113ce27d1
Size: 114KB
Sample: 220703-htphbabga5
MD5: a01320aeca43cc1846139e6db2caffd4
SHA1: df9ac1de1f02265fe1a88206e2ef5ec70c60890f
SHA256: 3c9223d92c40760077983ab7eeb7509d92ec5400ef0c26151021dda113ce27d1
SHA512: 26ad00b80514b40130e4ce6574688864a54371261040a3ddaf2ea1b9b6548cf64b14f3020e21583bee9f4f39f3ab45a5742f613d2a152e33c51f43467f7d3cf6
Static task: static1
Behavioral task: behavioral1
  Sample: 3c9223d92c40760077983ab7eeb7509d92ec5400ef0c26151021dda113ce27d1.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 3c9223d92c40760077983ab7eeb7509d92ec5400ef0c26151021dda113ce27d1.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
tofsee
43.231.4.7
lazystax.ru
Targets
Score: 10/10
Creates new service(s)
Executes dropped EXE
Modifies Windows Firewall
Sets service image path in registry
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Suspicious use of SetThreadContext